Satellite / SAT-38325

When installing satellite for the first time using custom certificates


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • Documentation, Networking
    • sat-rocket

      Description of problem:

      When installing Satellite for the first time using custom certificates, some steps are a bit confusing.

      In general, the initial steps are the same for self-signed or custom certificates, up to 3.5.

       

      3.5. Installing Satellite Server packages

       

       

      The next one, 3.6, assumes that we will deploy the Satellite product using the custom certs.

       

      3.6. Configuring Satellite Server

       

       

      Also, we can see the example below, which is pretty useful for our customers.

       

      satellite-installer --scenario satellite \
      --foreman-initial-organization "My_Organization" \
      --foreman-initial-location "My_Location" \
      --foreman-initial-admin-username admin_user_name \
      --foreman-initial-admin-password admin_password 

       

       

      Note that if the customer would like to deploy their Satellite using custom certs, our current document is "pushing" the customer to deploy the product using the self-signed certs and then update it later.

      I believe that our docs, in Chapter 3.6, should offer the option: if you would like to proceed with a self-signed certificate, just keep moving. However, if you would like to deploy custom certificates, you need to move to Chapter 4.12.

       

      4.12. Configuring Satellite Server with a custom SSL certificate

       

       

      Some additional info,

      • On 4.12.1, the customer will create the CSR and will push it to the CA
      • On 4.12.2, the customer will deploy the signed certificate on Satellite

       

      And here, we can see the recommended command

       

      satellite-installer \
      --certs-server-cert "/root/satellite_cert/satellite_cert.pem" \
      --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \
      --certs-server-ca-cert "/root/satellite_cert/ca_cert_bundle.pem" \
      --certs-update-server --certs-update-server-ca 

       

       

      Two additional points here

       

      First, this command is expected to work ONLY if the customer already has Satellite installed; if not, this command is going to fail.

      Second, assuming that the customer is doing a brand new installation and deploying the custom certificates, additional parameters such as organization, location, admin, password and also scenario should be of interest.

       

      Current

       

      satellite-installer \
      --certs-server-cert "/root/satellite_cert/satellite_cert.pem" \
      --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \
      --certs-server-ca-cert "/root/satellite_cert/ca_cert_bundle.pem" \
      --certs-update-server --certs-update-server-ca 

       

       

      Proposal

       

      satellite-installer --scenario satellite \
      --foreman-initial-organization "My_Organization" \
      --foreman-initial-location "My_Location" \
      --foreman-initial-admin-username admin_user_name \
      --foreman-initial-admin-password admin_password \
      --certs-server-cert "/root/satellite_cert/satellite_cert.pem" \
      --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \
      --certs-server-ca-cert "/root/satellite_cert/ca_cert_bundle.pem" \
      --certs-update-server --certs-update-server-ca

       

      As a first install, --certs-update-server --certs-update-server-ca should not be necessary, but also, they will not cause any problem.

       

       

       

      How reproducible:

      100%

      Is this issue a regression from an earlier version:

       

      Steps to Reproduce:

      1. Just follow the docs to deploy a new Satellite using custom certificates.

      Actual behavior:
      The information is not clear, and could cause some issues/questions for customers with less knowledge of Satellite and certificate-related topics.

       

      Expected behavior:
      In Chapter 3.6, provide an option to the customer: for a self-signed certificate, stay here; for custom certificates, move on to Chapter 4.12.

       

      Business Impact / Additional info:

       

              Assignee: Unassigned
              Reporter: Waldirio Pinheiro (rhn-support-wpinheir)
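On a first install with custom certificates, a mismatched key or incomplete CA bundle only surfaces once the installer is already running, so it helps to check the three files beforehand. The script below is an added example, not part of this ticket or of the Satellite documentation; `check_custom_certs` and `make_sample_pki` are hypothetical helper names, the sample PKI is constructed, and only standard `openssl` subcommands are assumed.

```shell
#!/bin/sh
# Added example (not from the ticket or the Satellite docs): pre-flight check of
# the files given to --certs-server-cert, --certs-server-key and
# --certs-server-ca-cert. check_custom_certs is a hypothetical helper name.
check_custom_certs() {
    cert=$1; key=$2; ca_bundle=$3
    for f in "$cert" "$key" "$ca_bundle"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done
    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert" >&2; return 3; }
    # Public key derived from the private key; the empty -passin makes an
    # encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "key unreadable or passphrase-protected: $key" >&2; return 4; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 5; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 6; }
    # The server certificate must chain to the supplied CA bundle.
    openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA bundle" >&2; return 7; }
    return 0
}

# Constructed sample input: a throwaway CA, a server certificate signed by it,
# and an unrelated key, all written to directory $1.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Example CA" -days 2 \
        -keyout "$d/ca_key.pem" -out "$d/ca_cert_bundle.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=satellite.example.com" \
        -keyout "$d/satellite_cert_key.pem" -out "$d/satellite.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/satellite.csr" -days 1 -CA "$d/ca_cert_bundle.pem" \
        -CAkey "$d/ca_key.pem" -CAcreateserial \
        -out "$d/satellite_cert.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other_key.pem" 2>/dev/null
}

# Run directly: sh check_certs.sh cert.pem key.pem ca_bundle.pem
if [ "$#" -eq 3 ]; then
    check_custom_certs "$@" && echo "certificate files are consistent"
fi
```

Each failure has its own return code, so a wrapper can stop before calling `satellite-installer` and report which file to fix.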